Re: Re: W2k: Unkillable ApplicationsFrom: Bronek Kozicki (brok_at_rubikon.pl)
- Vorherige Nachricht: Carlo Strozzi: "Re: multiple vulnerabilities in un-cgi"
- Nachrichten sortiert nach: [ Datum ] [ Thread ] [ Subject ] [ Autor ] [ Attachement ]
> It appears that the Processes tab is doing a simple filename-based
> search, and the Applications tab isn't doing any search at all.
> (After all, the 'critical system processes' like Winlogon would never
> show up in the Applications tab in the first place, since they don't
> have top-level windows associated with them.)
Little mistake here. Winlogon _has_ top-level window, its just invisible.
You may make it easilly visible with tools like showin.exe (you will find
more such windows, most are in Explorer process). See Microsoft 01-007
security bulletin, how this can be exploited.
> At the very, very least, the Task Manager should be making this check
> on the full pathname of the process, not just the filename; an
> application running in C:\TEMP is highly unlikely to be a critical
> system process...